In the Claims:



Please amend Claims 1, 3, 10, 13, 16, 22, 53, 54; cancel Claims 4-5, 17-18, 51, and add 
new Claims 56-62, all as shown below. Applicant respectfully reserves the right to prosecute 
any originally presented or canceled claims in a continuing or future application. 

1. (Currently Amended) A system for single security administration comprising:

a first [[type]] application server of a first server type, which is configured to execute
transaction processes including receiving calls from clients to initiate the transaction processes,
wherein the first [[type]] application server includes

an access control list which defines user security information for use in
authorizing the calls from clients, and

a Lightweight Directory Access Protocol (LDAP) [[an]] authentication server
plugin which is configured to forward the calls from clients to another application server
for authorization;




a [[plurality]] second application server of a second server type [[servers, wherein each
second type server includes an embedded server and each second type server is associated
with a security data repository that provides to the second type server user security information
associated with both the first type server and the second type server]], which is configured to
administer security for the first application server, wherein the second application server
includes

a user profile database which includes security information for a plurality of
users, including for each of the users a mapping of security credentials for that user
between the first server type and the second server type, and

an embedded LDAP server which is configured to receive the calls from the
LDAP authentication server plugin; and

[[wherein the first type server holds only access control list and relies on one of the
plurality of second type servers to provide user and group information, and,]]

[[wherein, in response to receiving a request for authentication from a user at the first type
server, the authentication server at the first type server determines which second type server
stores security information for the particular user;]]

wherein, when a call is received from a client to initiate a transaction at the first
application server, the LDAP authentication server plugin

identifies the user associated with the call,

determines that the second application server should authenticate the user,

initiates an LDAP session between the first [[type]] application server and [[said]]
the second [[type]] application server[[;]],

[[passes]] sends a query information [[from said authentication server]] to [[said]]
the embedded LDAP server[[;]],

receives from the embedded LDAP server a corresponding user information as
determined by the user profile database at the second application server[[;]], and

creates a token reflecting the result, which is subsequently used to authenticate
the client to participate in the transaction [[that reflects an authentication result that can be
used by said client]].

2. (Canceled). 

3. (Currently Amended) The system of claim 1 wherein said first [[type]] application server 
is an enterprise server. 

4-6. (Canceled). 

7. (Original) The system of claim 1 wherein said query information is query user information 
that specifies a particular user or group of users. 

8. (Previously Presented) The system of claim 1 wherein the system includes a plurality of 
servers. 

9. (Original) The system of claim 8 wherein at least two of said plurality of servers include 
an LDAP authentication server. 

10. (Currently Amended) The system of claim 1, further comprising a user information cache
that caches a copy of said user authentication information in case of a failure in a 
communication link between the first [[type]] application server and the second [[type]] 
application [[of]] server. 

11. (Original) The system of claim 1 wherein the system is scalable to include multiple LDAP
authentication servers and/or multiple embedded LDAP servers.

12. (Original) The system of claim 1 wherein at least one of said servers include a console
program for administering the security of the system.

13. (Currently Amended) A method for providing single security administration comprising 
the steps of: 

providing a first application server of a first server type, which is configured to execute 
transaction processes including receiving calls from clients to initiate the transaction processes, 
wherein the first server includes 

an access control list which defines user security information for use in 
authorizing the calls from clients, and 

a Lightweight Directory Access Protocol (LDAP) authentication server plugin 
which is configured to forward the calls from clients to another application server for 
authorization;

providing a second application server of a second server type, which is configured to 
administer security for the first application server, wherein the second application server 
includes 

a user profile database which includes security information for a plurality of 
users, including for each of the users a mapping of security credentials for that user 
between the first server type and the second server type, and 

an embedded LDAP server which is configured to receive the calls from the 
LDAP authentication server plugin;

receiving a call from a client to initiate a transaction at the first application server; and
performing, via the LDAP authentication server plugin, the steps of

identifying the user associated with the call,

determining that the second application server should authenticate the user,

initiating a LDAP session between the first application server and the
second application server,

sending a query information to the embedded LDAP server,

receiving from the embedded LDAP server a corresponding user
information as determined by the user profile database at the second application
server, and

creating a token reflecting the result which is subsequently used to
authenticate the client to participate in the transaction

[[issuing a call to an authentication server at a first type server, wherein the first type
server holds only access control list and relies on one of the plurality of second type servers to
provide user and group information;]]

[[determining which second type server stores security information for the particular user;]]

[[passing query user information from said authentication server to an embedded LDAP
server at the second type server, wherein the second type server includes a single security data
repository that provides the second type server user security information associated with both
the one of the first type servers and the second server;]]

[[returning corresponding user information to said authentication server; and,]]

[[providing an authentication token for use by the client]].

14. (Original) The method of claim 13, further comprising the step, prior to issuing a call, of 
allowing a client to access a default security plugin.

15. (Canceled). 

16. (Currently Amended) The method of claim 13 wherein said first [[type]] application server,
is an enterprise server. 

17-19. (Canceled). 

20. (Previously Presented) The method of claim 13 wherein said query user information is 
query user information that specifies a particular user or group of users. 

21. (Previously Presented) The method of claim 13, further comprising: including a plurality 
of servers. 

22. (Currently Amended) The method of claim 21 wherein at least two of said plurality of 
servers include [[an]] a LDAP authentication server. 

23. (Original) The method of claim 13, further comprising a user information cache that 
caches a copy of said user information. 

24. (Previously Presented) The method of claim 13, further comprising: 
being scalable to include multiple LDAP authentication servers and/or multiple
embedded LDAP servers. 

25. (Original) The method of claim 13 wherein at least one of said servers include a console 
program for administering the security of the system. 

26-51. (Canceled). 

52. (Previously Presented) The system of claim 1, wherein:

the session is a LDAP session that supports a single user security data store and 
administration. 

53. (Currently Amended) The system of claim 1, wherein: 

[[each of the plurality of]] the second application server [[type of servers]] supports backup or
failover authentication. 

54. (Currently Amended) The system of claim 1, wherein:

the first [[type]] application server also supports a separate independent authentication
mechanism with a separate security repository. 

55. (Previously Presented) The system of claim 53, further comprising: 

a migrating utility that takes user security information from the separate security 
repository associated with the first type server and updates the security data repository 
associated with at least one of the plurality of second type servers. 

56. (New) The system of claim 1, wherein: 

the LDAP authentication server plugin at the first application server further

determines another second type server in a plurality of second type servers that
stores user and group information for a particular user, when a previously determined
second type server fails,

initiates a session between the first application server and said another second
type server,

passes query information from said authentication server to an embedded
LDAP server in said another second type server, and

receives corresponding user and group information from the embedded LDAP
server in said another second type server.

57. (New) The system of claim 1 wherein the first server type and first application server are 
Tuxedo-based, and the second server type and second application server are a type other than 
Tuxedo. 

58. (New) The method of claim 13, wherein:

performing, via the LDAP authentication server plugin, the steps of

determining another second type server in a plurality of second type servers that
stores user and group information for a particular user, when a previously determined
second type server fails,

initiating a session between the first application server and said another second
type server,

passing query information from said authentication server to an embedded 
LDAP server in said another second type server, and 

receiving corresponding user and group information from the embedded LDAP 
server in said another second type server. 

59. (New) The method of claim 13 wherein the first server type and first application server 
are Tuxedo-based, and the second server type and second application server are a type other 
than Tuxedo. 

60. (New) A machine readable storage medium having instructions embedded thereon and 
performing the following functions when executed by a processor 

providing a first application server of a first server type, which is configured to execute 
transaction processes including receiving calls from clients to initiate the transaction processes, 
wherein the first application server includes 

an access control list which defines user security information for use in 
authorizing the calls from clients, and 

a Lightweight Directory Access Protocol (LDAP) authentication server plugin 
which is configured to forward the calls from clients to another application server for 
authorization; 

providing a second application server of a second server type, which is configured to 
administer security for the first application server, wherein the second application server
includes 

a user profile database which includes security information for a plurality of 
users, including for each of the users a mapping of security credentials for that user 
between the first server type and the second server type, and 

an embedded LDAP server which is configured to receive the calls from the 
LDAP authentication server plugin; 

receiving a call from a client to initiate a transaction at the first application server; and 
performing, via the LDAP authentication server plugin, the steps of 
identifying the user associated with the call,

determining that the second application server should authenticate the user,

initiating a LDAP session between the first application server and the
second application server,

sending a query information to the embedded LDAP server,

receiving from the embedded LDAP server a corresponding user
information as determined by the user profile database at the second application
server, and

creating a token reflecting the result, which is subsequently used to 
authenticate the client to participate in the transaction. 

61. (New) The machine readable storage medium of claim 60, further comprising 
instructions performing the following functions when executed by a processor: 
performing, via the LDAP authentication server plugin, the steps of 

determining another second type server in a plurality of second type servers that 
stores user and group information for a particular user, when a previously determined 
second type server fails, 

initiating a session between the first application server and said another second 
type server, 

passing query information from said authentication server to an embedded 
LDAP server in said another second type server, and 

receiving corresponding user and group information from the embedded LDAP 
server in said another second type server. 

62. (New) The machine readable storage medium of claim 60, wherein the first server type
and first application server are Tuxedo-based, and the second server type and second 
application server are a type other than Tuxedo. 